mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUG Fix users with all cms section access not able to edit files
Fixes #4078
This commit is contained in:
parent
1a78044e21
commit
8e24511266
@ -305,7 +305,7 @@ class File extends DataObject {
|
||||
$result = $this->extendedCan('canEdit', $member);
|
||||
if($result !== null) return $result;
|
||||
|
||||
return Permission::checkMember($member, 'CMS_ACCESS_AssetAdmin');
|
||||
return Permission::checkMember($member, array('CMS_ACCESS_AssetAdmin', 'CMS_ACCESS_LeftAndMain'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -393,9 +393,13 @@ class FileTest extends SapphireTest {
|
||||
$this->objFromFixture('Member', 'frontend')->logIn();
|
||||
$this->assertFalse($file->canEdit(), "Permissionless users can't edit files");
|
||||
|
||||
// Test cms non-asset user
|
||||
// Test global CMS section users
|
||||
$this->objFromFixture('Member', 'cms')->logIn();
|
||||
$this->assertFalse($file->canEdit(), "Basic CMS users can't edit files");
|
||||
$this->assertTrue($file->canEdit(), "Users with all CMS section access can edit files");
|
||||
|
||||
// Test cms access users without file access
|
||||
$this->objFromFixture('Member', 'security')->logIn();
|
||||
$this->assertFalse($file->canEdit(), "Security CMS users can't edit files");
|
||||
|
||||
// Test asset-admin user
|
||||
$this->objFromFixture('Member', 'assetadmin')->logIn();
|
||||
|
@ -35,6 +35,8 @@ Permission:
|
||||
Code: CMS_ACCESS_LeftAndMain
|
||||
assetadmin:
|
||||
Code: CMS_ACCESS_AssetAdmin
|
||||
securityadmin:
|
||||
Code: CMS_ACCESS_SecurityAdmin
|
||||
Group:
|
||||
admins:
|
||||
Title: Administrators
|
||||
@ -42,9 +44,12 @@ Group:
|
||||
cmsusers:
|
||||
Title: 'CMS Users'
|
||||
Permissions: =>Permission.cmsmain
|
||||
securityusers:
|
||||
Title: 'Security Users'
|
||||
Permissions: =>Permission.securityadmin
|
||||
assetusers:
|
||||
Title: 'Asset Users'
|
||||
Permissions: =>Permission.cmsmain, =>Permission.assetadmin
|
||||
Permissions: =>Permission.assetadmin
|
||||
Member:
|
||||
frontend:
|
||||
Email: frontend@example.com
|
||||
@ -57,3 +62,6 @@ Member:
|
||||
assetadmin:
|
||||
Email: assetadmin@silverstripe.com
|
||||
Groups: =>Group.assetusers
|
||||
security:
|
||||
Email: security@silverstripe.com
|
||||
Groups: =>Group.securityusers
|
||||
|
Loading…
Reference in New Issue
Block a user